Timthumb Vulnerability Scanner
Bulk Upgrade (6 posts)

  1. Jacob Gillespie
    Posted 4 years ago #

    Hey, thanks for the great plugin! It's a really great tool that's saving me lots of time in dealing with the older timthumb.php files.

    One suggestion - it would be great to have a "fix all" button or checkboxes with a check all option to fix the detected bad files. I personally have around 70 copies of the timthumb script on my large multisite install (lots of themes), so it would be great to have a way to bulk-fix.



  2. Peter Butler
    Plugin Author

    Posted 4 years ago #

    Hey Jacob -

    Thanks for the input. This is certainly possible - my only hesitation is that it's POSSIBLE that the upgrader would "fix" a file that just looks like an old timthumb script, but actually isn't. If that happens, it will obviously break whatever the file actually was. So - I'd hate to have a situation where somebody bulk upgrades, has problems, and then doesn't know where to look for the problems, because they don't know which upgraded file is causing them.

    I suppose the risk could be mitigated if I saved the old version of the file somewhere, so the user could restore if there was a problem - that's a feature I was thinking of adding anyway.

  3. Jacob Gillespie
    Posted 4 years ago #

    Hey Peter!

    Thanks for the response - I'm on a slow enough connection that I decided that I didn't want to go through the process of clicking the fix button one-by-one, so I just added the "fix all" button myself. :)

    In the process, I got a little carried away and decided to reformat the code to add a better message display function, move some of the duplicate code into functions for code reuse, and reformat all of the code to meet the WordPress coding standards (found at http://codex.wordpress.org/WordPress_Coding_Standards).

    Here's a link to the changed version: http://cl.ly/2b2I2a420k2m0v1N3M3m

    Feel free to add any/all/none of that code to the next version of the plugin. I'd be really happy if I was able to help make your very useful plugin even more useful to people like me with large multisite installs (with 100s of themes and old timthumb files).

    So, I'm basically giving you that modified code for you to use/discard as you see fit. :)

    I'll be installing it on my multisite install.

    Keep up the good work!

    Jacob Gillespie

    P.S. Side question - does Locker work with multisite? If so, does one multisite install count as one site toward the plan quota?

  4. Peter Butler
    Plugin Author

    Posted 4 years ago #

    Thanks Jacob! Here's the plugin on GitHub - feel free to fork and change as necessary. I went ahead and folded your changes in along with some minor changes I had made for version 1.2. The new version has just been pushed to the WP repo as well.

  5. Jacob Gillespie
    Posted 4 years ago #

    Link: https://github.com/peterbutler/Timthumb-Vulnerability-Scanner-Wordpress-Plugin

    Thanks! If I think of anything else, I'll fork and add.

  6. Peter Butler
    Plugin Author

    Posted 4 years ago #

    Heh - thanks for catching that. Not sure how I managed to forget the link...

Topic Closed

This topic has been closed to new replies.
